Harbor: Insufficient scope when using the docker registry API

Created on 24 May 2019  路  2Comments  路  Source: goharbor/harbor

Expected behavior and actual behavior:
The docker registry API always return a 401 error.

Steps to reproduce the problem:
When trying to access https://myserver:444/v2/_catalog, it returns an UNAUTHORIZED error asking for the registry:catalog:* scope.

After getting a token specifying this scope (https://vacl013d:444/service/token?service=harbor-registry&scope=registry:catalog:*) and sending it, I still get the same 401 error.

There is the following message in the registry.log :
level=warning msg="error authorizing context: insufficient scope" go.version=go1.11.8 http.request.contenttype="application/json" http.request.host="vacl013d:444" http.request.id=8abaca21-a487-4598-b20f-d73b58b88f75 http.request.method=GET http.request.remoteaddr=172.21.29.222 http.request.uri="/v2/_catalog" http.request.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"

Versions:

  • harbor version: [1.8.0]
picture DeepSilence

Most helpful comment

Thanks, this solved the problem.
It is not intuitive however, as the first error message do not indicate this.

picture DeepSilence on 3 Jun 2019
👍2

All 2 comments

Only the system administrators have the privilege to catalog repositories, so you need to request the token with system admin users

ywk253100 picture ywk253100 on 27 May 2019
👎1

Thanks, this solved the problem.
It is not intuitive however, as the first error message do not indicate this.

DeepSilence picture DeepSilence on 3 Jun 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Hotege picture Hotege  路  3Comments
pingcrosby picture pingcrosby  路  3Comments
xiaosadexiaohai picture xiaosadexiaohai  路  3Comments
andrewtchin picture andrewtchin  路  3Comments
adomenech73 picture adomenech73  路  3Comments